Database Reference
In-Depth Information
Application Connection Registry Table
We will create a table (see Listing 10-18) to hold the object each application provides, as a
RAW
data type.
It needs to be less than 2K to be stored as a
RAW
, so developers shouldn't expand on the template class
that we provide to them. Along with each object, we will store a binary large object (
BLOB
) data type that
holds a list of the associated connection strings.
It is difficult to index and select on
RAW
or
BLOB
types, as you might imagine. So we are going to index
on the class name and class version as
VARCHAR2
data types. These identifiers can be garnered from the
object, so we never pass them: passing the object is sufficient for us to find out who the application is
claiming to be.
Setting the table of Oracle connection strings (the
BLOB
) is not a one-time occurrence; they can be
updated. So we include an
update_dt
column in our table to keep track of that. We use the empty_blob()
directive to allocate a BLOB locator address by default, pointing at no particular BLOB, but an address
nonetheless—not a null.
Listing 10-18.
Application Connection Registry Table
CREATE TABLE appsec.t_app_conn_registry
(
class_name VARCHAR2(2000) NOT NULL,
class_version VARCHAR2(200) NOT NULL,
class_instance RAW(2000),
update_dt DATE DEFAULT SYSDATE,
connections BLOB DEFAULT EMPTY_BLOB()
);
Note
You can find this script in the file named
Chapter10/AppSec.sql
.
We create an index and primary key on
class_name
and
class_version
, not shown. We also create a
view of this table for regular reference.
A Set of Connection Strings for an Application
On the client side, we are going to handle our table of connection strings as a
HashMap
, which we will call
connsHash
. You must assure that it is marked
private
so only the
OracleJavaSecure
class can see it. Here
is the declaration:
private static
HashMap
<String, RAW> connsHash = null;
We will have exchanged keys with the Oracle database, so we can receive this table of connection
strings encrypted with the shared password key. We will only decrypt them as needed, creating a
connection and then freeing the connection string for garbage collection (retaining no class member
reference to it.) Note that until the garbage collector runs (automatically, self-scheduling), the clear-text
connection string will be in the machine memory, but not easily retrieved, even with a debugger.
A
HashMap
is a
Collection
class that has a key and value relationship. It is like a two-column table
with unique keys and associated values. Both the keys and values are Java objects, not primitives. In this
case, our keys are
Strings
, and our values are
RAWs
. Specifically, our
RAW
values are the encrypted form of